Multi-receiver authentication plays an important role in network security. Many researchers have studied the constructions and the properties of multi-receiver authentication schemes. However, most of these schemes treat the capabilities of all the receivers equally. In practice, receivers often have different rather than equal powers. The authors consider this new scenario in multi-receiver authentication. They propose a multi-receiver authentication scheme with a hierarchical structure among the receivers, and construct an unconditionally secure multi-receiver authentication code by using Birkhoff interpolation. The authentication scheme is also able to send multiple messages.

The Feistel-2 cipher is a type of Feistel cipher proposed by Isobe and Shibutani at Asiacrypt 2013. Its round functions consist of a public F-function and a subkey XORed before the F-function. Recently, a variation of the Feistel-2 cipher, in which the subkey is XORed after the F-function, has been widely used in proposals such as SIMON and Simeck. The authors denote this type of Feistel cipher as Feistel-2*. In this study, they study the security of Feistel-2* ciphers. First, they propose the differential function reduction technique. Then, they present all-subkeys-recovery attacks against Feistel-2* ciphers based on this technique. Let z be the key size to block size ratio of the block cipher. It is shown that their attacks can break up to 6, 8 and 10 rounds of the Feistel-2* cipher for z = 1, 3/2 and 2, respectively. Thanks to the meet-in-the-middle approach, their attacks only need a few chosen plaintexts. Moreover, with higher data complexity, all attacks can be improved by one round. This implies that a secure Feistel-2* cipher should iterate at least 8, 10 and 12 rounds for z = 1, 3/2 and 2, respectively.

Today, many resource-constrained terminal devices prefer to outsource data streams to an intermediary for management and storage. However, with this growing trend, the trustworthiness of outsourced data streams is a universal concern. It is extremely important to prove that the data stream provided by the third party is trustworthy. Therefore, in order to efficiently and effectively verify the trustworthiness of the outsourced data stream with adequate control, this study presents a dynamic authenticated data structure with access control on outsourced data streams. Based on this data structure, the authors establish a novel authentication scheme which supports real-time addition and update of the data stream, together with verification under fine-grained access control. In addition, the security and efficiency of the proposed scheme are analysed in this study. Compared with existing schemes, the proposed scheme has higher security and efficiency in terms of data stream addition and update.

The study presents a new efficient way to construct one-round key exchange (ORKE) without random oracles based on standard hard complexity assumptions. The authors propose a (PKI-based) ORKE protocol which is more computationally efficient than existing pairing-based ORKE protocols without random oracles in the post-specified peer setting. The core idea of this construction is to integrate the consistency check of the ephemeral public key and the verification of the signature into the session key generation. This saves roughly two pairing operations. The authors call this kind of scheme, which tightly composes a signature with a one-round key exchange, SignORKE. The authors' protocol is shown to be secure in a variant of the Canetti–Krawczyk security model which covers the majority of state-of-the-art active attacks.

Sensitive data stored in laptops or other mobile devices can easily be lost, stolen, misplaced or corrupted, and remote backup storage is used to address these issues; however, since the backup server cannot be fully trusted, the data should be encrypted in advance. Although the key is more easily protected than the backup data because of its smaller size, it is still impossible for an ordinary human to remember. A user-centred data backup scheme is proposed using multi-factor authentication. The user first selects a symmetric key and divides it into three shares, then destroys the key. The key can easily be reconstructed by combining the shares stored in the user's smart card and the laptop. Even if the smart card or laptop is lost, the key can still be recovered with the password and biometrics. The proposed scheme not only achieves the required security goals but is also more robust and practical.

Certificate-based cryptosystems can eliminate the private key escrow problem inherent in identity-based cryptosystems and can simplify the costly certificate management of traditional public key cryptosystems. In 2016, Lu et al. raised the open problem of whether a certificate-based signature (CBS) scheme can be proved secure against the malicious-but-passive certifier attack. In this study, the authors try to solve this problem. They give an enhanced security model for CBS schemes which captures the malicious-but-passive certifier attack. Then they propose a concrete CBS scheme in the standard model by using bilinear pairings. They prove the scheme to be secure in the enhanced security model under the Squ-CDH assumption. In this way, the authors give an affirmative answer to the above open problem. Finally, the authors evaluate the efficiency of the scheme and show it to be practical. In addition, they find that malicious-but-passive certifier security cannot coexist with super adversary security in a CBS scheme in the standard model.

The minimum degree (resp. algebraic degree) of a Boolean permutation is the minimum (resp. maximum) algebraic degree over all non-zero linear combinations of its coordinate functions. In this study, the authors concentrate on the design of Boolean permutations with optimal minimum degree. First, they present a novel method for optimising the minimum degrees of known Boolean permutations. Second, they show that the Boolean permutations obtained by optimising Boolean permutations without optimal algebraic degree have optimal minimum degree. Finally, it is shown that their method generates an infinite class of involutions with optimal minimum degree.

It is already known that the internal permutation of the stream cipher RC4 generally deviates from a random permutation. These deviations are termed biases, and theoretical justifications for them have been reported since early 2000. However, several biases (anomalies) have not been proven to date. In this study, the authors provide theoretical proofs of all significant anomalies of RC4 in the 16-byte key setting. In the process, they also provide the theoretical justification of the zig-zag type distribution of the 31st output byte of RC4 (first discovered and presented by AlFardan et al. at USENIX 2013).

The MARS-like structure is a generalised Feistel structure. In 2015, Xue and Lai proved that there always exist (3n − 1)-round impossible differentials of MARS-like structures with n subblocks, as long as the round function is bijective. In this study, the length of the impossible differentials is extended by 1 round under the assumption that the MARS-like structure adopts a bijective round function of SP-type, i.e. the round function is decomposed into a substitution layer followed by a linear diffusion layer. Surprisingly, this result is independent of both the specifics of the S-boxes in the substitution layer and the specifics of the linear transformations in the diffusion layer.

SIMON is a family of lightweight block ciphers publicly released by the National Security Agency (NSA). Up to now, there have been many cryptanalytic results on it by means of impossible differential, integral, zero-correlation linear cryptanalysis and so forth. In this study, the authors analyse the characteristics of the Boolean functions of SIMON32 and find that the appearance of the zero-sum property is influenced by the degree of the corresponding Boolean function. As a result, the zero-sum integral distinguisher for 14-round SIMON32 is identified, which is the same as the one given by Wang et al. Inspired by this finding, they also experimentally find a zero-sum integral distinguisher for 16-round SIMON48. Then, integral attacks on 22-round SIMON32, 22-round SIMON48/72 and 23-round SIMON48/96 are given. They improve the previous integral attack on SIMON32 from 21 rounds to 22 rounds, and the first integral attack on SIMON48 is proposed.

Secret sharing (SS) has been extensively studied both as a means of secure data storage and as a fundamental building block for multiparty computation (MPC). For these purposes, code-efficiency and MPC-suitability are both required of SS, but they are incomparable. Recently, a computational SS and a conversion protocol were proposed. The computational SS is code-efficient, and the conversion protocol converts shares of the computational (code-efficient) SS into shares of an MPC-suitable SS; it can be applied to reduce the amount of data storage while maintaining extendibility to MPC. However, this protocol is one-way: one cannot convert shares of an MPC output value. In addition, it is only passively secure. The authors propose three protocols and a new computational SS. The first protocol is the inverse of the existing protocol, that is, it converts an MPC-suitable SS to the existing SS. The other two protocols are actively secure conversion protocols that convert shares between the new SS and an MPC-suitable SS. The new computational SS is code-efficient when the number of parties is small, so these two protocols convert between a code-efficient SS and an MPC-suitable SS. These two conversion protocols are actively secure in the honest-majority setting.

The last two decades have witnessed the emergence of role-based access control (RBAC) as the de facto standard for access control. However, for organisations that already have a deployed RBAC system, it may in many cases become necessary to associate a temporal dimension with the existing access control policies due to changing organisational requirements. In such cases, migration from RBAC to a temporal extension of RBAC becomes essential. Temporal RBAC (TRBAC) is one such RBAC extension. The process of creating a set of roles for implementing a TRBAC system is known as temporal role mining. Existing temporal role mining approaches typically assume that TRBAC is being deployed from scratch and do not treat it as a migration from an existing RBAC policy. In this study, the authors propose two temporal role mining approaches that enable migration from RBAC to TRBAC. These approaches make use of conventional (non-temporal) role mining algorithms. Apart from aiding the migration process, deriving the roles in this manner allows the flexibility of minimising any desired role mining metric. They experimentally evaluate the performance of both proposed approaches and show that both are efficient and effective.